CVE-2009-1301
Published: 16 April 2009
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
Notes
Author | Note |
---|---|
jdstrand | per Debian, just a crasher per stefanlsd, code does not exist |
Priority
Status
Package | Release | Status |
---|---|---|
mpg123 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
hardy |
Released
(0.67-1ubuntu0.1)
|
|
intrepid |
Released
(1.4.3-3ubuntu0.1)
|
|
jaunty |
Released
(1.4.3-4ubuntu1.1)
|
|
upstream |
Released
(1.7.2-1)
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/+source/mpg123/+bug/370031 |